| CPC G06F 21/566 (2013.01) [G06F 2221/034 (2013.01)] | 20 Claims |
|
1. A system comprising:
a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to:
identify a current thread pattern;
identify current resource information associated with the current thread pattern;
accessing a set of adjustment characteristics, the set of adjustment characteristics describing how a thread pattern varies when running on different resources;
selecting, based on the current resource information, an adjustment characteristic of the set of adjustment characteristics;
adjusting the current thread pattern based on the selected adjustment characteristic to provide an adjusted current thread pattern;
compare the adjusted current thread pattern and the current resource information associated with the adjusted current thread pattern to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing malicious thread pattern;
determine that the comparison meets a threshold; and
in response to the comparison meeting the threshold, take an action to mitigate the type of malware.
|